[Snort-users] Super Fast Snort Considerations
Davison, Charles Robert
cdaviso1 at ...17214...
Sun Aug 30 10:39:36 EDT 2015
I was wondering what everyone is using in production for processing Snort data at high throughput. We will need to process up to 100Gb/s. I had considered using Packet Pig but don't know if it's still viable; the neat thing about it was that it leveraged Hadoop. We ran into performance issues with Snorby, and I'm leaning towards just a basic Snort install forwarding alerts to our syslog server to be processed by our SIEM tool... Any suggestions? If we used By2, I'm not sure it could handle the data. Hardware/architecture design specifications would be much appreciated.